[fw-wiz] point to point tunnel asa to pix for all traffic



I am trying to set up a tunnel between a PIX 515 (in colo) running PIX7
code and a PIX 506E (at a branch site). The tunnel should push all
internet (or at the very least all web traffic, port 80 that is) out of
the colo PIX. After the colo PIX is a SonicWall content filter doing
some general blocking; we want a central content filter since there
are many branch sites and the filtering is very simple. The tunnel
does come up; however, I cannot pass any internet traffic. I believe
this is a NAT problem in the colo, as I was getting increments on the
inbound counters for the tunnel in colo, but outbound counters barely
moved.
Can anyone provide me with suggestions on what the NAT should look like in colo?

I was using
where the global is set up on the outside interface
nat (outside) 1 192.168.11.0 255.255.255.0


thank you
--
-Lawrence
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


